spec: add-features-roadmap-menu (proposal only)#1306
Conversation
Proposes a cross-repo Features & Roadmap menu item mounted in every Conduction app's NcAppNavigationSettings slot above the gear. - Features tab: shipped capabilities from openspec/specs/, extracted at build time into docs/features.json (committed, also powers Docusaurus public features page) - Roadmap tab: open GitHub issues from the app's own repo, sorted by reactions, with pipeline-label blocklist and full markdown body rendering - Suggest-feature modal launched from the route header and from any widget/page declaring a specRef via its NcActions menu - Extends existing GitHubHandler with listIssues() + createIssue(); user PAT preferred, server PAT fallback with attribution prefix - Out of scope: ADR-019 fleet rollout, Discussions, Accept->specter wiring Capabilities: - github-issue-proxy - features-roadmap-menu Validates strict.
Hydra's orchestrator requires a hydra.json per change to dispatch. Adds the schema-v2 file pointing at issue #1328 with empty depends_on (greenfield change with no spec dependencies). Without this file, Hydra's supervisor silently skips the change even if it carries the `ready-to-build` label.
Quality Report — ConductionNL/openregister @
|
| Check | PHP | Vue | Security | License | Tests |
|---|---|---|---|---|---|
| lint | ✅ | ||||
| phpcs | ✅ | ||||
| phpmd | ✅ | ||||
| psalm | ✅ | ||||
| phpstan | ✅ | ||||
| phpmetrics | ✅ | ||||
| eslint | ✅ | ||||
| stylelint | ✅ | ||||
| composer | ✅ | ✅ 147/147 | |||
| npm | ✅ | ✅ 599/599 | |||
| PHPUnit | ❌ | ||||
| Newman | ❌ | ||||
| Playwright | ⏭️ |
Quality workflow — 2026-04-22 18:20 UTC
Download the full PDF report from the workflow artifacts.
|
🟡 Concern — CI check 'branch-protection / check-branch' is failing The PR has one CI failure: Suggested fix: Update the PR branch against development ( |
WilcoLouwerse
left a comment
There was a problem hiding this comment.
Strict-mode review — 8 blockers, 7 concerns, 2 minors.
Top blockers:
- 🔴 GitHub PAT scope requirements are absent from the
- 🔴 No token rotation or expiry policy defined for eit
- 🔴 POST /api/github/issues allows submitting to any p
- 🔴 GET /api/github/issues proxies the app-level PAT f
- 🔴 Attribution prefix embeds unsanitized Nextcloud di
- … +3 more 🔴 blockers
Strict mode requires REQUEST_CHANGES on any 🔴 or 🟡. Please address blockers and concerns before merge.
…minors) Addresses every finding from the 2026-05-07 strict-mode review on PR #1306, all on spec markdown documents (PR is spec-only). specs/github-issue-proxy/spec.md — added 9 new requirements: - Required PAT scopes (B1/F-PAT-scope) — minimum public_repo, fine-grained preferred, least-privilege documentation MUST - Token lifecycle (B2) — 90-day rotation cadence, fine-grained preferred, documented compromise procedure, optional health-check - Repo allowlist enforcement (B3+B4) — new IAppConfig key openregister::github_repo, both endpoints reject cross-repo with 403 repo_not_allowed; unset key returns 503 / hint envelope - Display-name sanitization in attribution prefix (B5) — strip markdown-injection chars, truncate to 80, validate https:// instance URL - specRef server-side validation (B6) — kebab-case regex + 80-char cap, HTTP 400 specref_invalid_format - Audit logging for server-PAT submissions (B7) — INFO entry with {user_id, repo, issue_number, specref, timestamp}; never PAT/body/title - APCu fallback for submission rate limit (C2) — falls back to ICache; fails closed with 503 rate_limiter_unavailable when neither is available - Per-user GET rate limit (C3) — 10 cache misses per user per 5 min, sort allowlisted to 4 fixed values specs/features-roadmap-menu/spec.md — added 4 new requirements: - DOMPurify config policy on remote images (C1) — strip http(s)://, //, data: src on <img>/<image>/<picture>; only relative refs render - Manifest freshness CI check (C4) — git diff --exit-code on docs/features.json after openspec-manifest build - Admin opt-out for the navigation entry (C5) — new IAppConfig key openregister::features_roadmap_enabled, defaults true - docsUrl frontmatter override validation (M2) — Node URL parse, https: scheme only, non-empty hostname; bad override falls back to default design.md — D14 now documents the specRef body-suffix backtick-wrapping format (M1), confirming consistency across spec.md / tasks.md / design.md and noting display-name sanitization references. hydra.json — issue field changed from URL string to integer per schema_version 2 (B8) so scripts/lib/hydra_record.py validation passes. tasks.md — added 17 implementation/follow-up tasks (1.14-1.22 backend security/resilience/compliance, 2.18-2.20 shared-lib hardening, 3.13-3.14 manifest CLI validation + CI snippet, 5.10-5.11 pilot integration of opt-out + manifest CI, 6.7 cross-repo openspec validate strict CI step). `openspec validate add-features-roadmap-menu --strict` passes (54 deltas across two specs). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
WilcoLouwerse
left a comment
There was a problem hiding this comment.
All 17 prior findings cleanly addressed in fix commit 8e52542 — verified by grep of fix-claim patterns against the diff (every claim matched). No new findings; current head's only check (Newman API Test Suite) passes. The earlier top-level 🟡 about branch-protection / check-branch was on the prior head (aec02a2) and is now moot.
Blockers resolved (8): PAT scopes, token lifecycle, POST repo allowlist, GET repo allowlist, attribution sanitization, specRef validation, audit logging, hydra.json issue type.
Concerns resolved (6 inline + 1 PR-level): DOMPurify remote images, APCu fallback, GET rate limit, manifest freshness CI, admin opt-out, test plan automation, CI branch-protection (moot on new head).
Minors resolved (2): task 1.8 backticks, docsUrl validation.
Summary
Proposes a cross-repo Features & Roadmap menu item mounted in every Conduction app's
NcAppNavigationSettingsslot, above the Settings gear. Spec-only PR — no implementation yet.openspec/specs/intodocs/features.json(committed; also powers a shared Docusaurus public features page).specRefvia itsNcActionsmenu.GitHubHandlerwithlistIssues()+createIssue(); user PAT preferred, server PAT fallback with attribution prefix; 1 submission per user per 60s rate limit.Capabilities introduced
github-issue-proxy— GET + POST endpoints on OpenRegisterfeatures-roadmap-menu— cross-repo UX contract (component, manifest, Docusaurus)Out of scope (deferred to follow-ups)
Validates
`openspec validate add-features-roadmap-menu --strict` → 0 errors.
Test plan